add cluster and klusterletaddonconfig webhook

Signed-off-by: ldpliu <[email protected]>
stolostron · Aug 9, 2024 · 921d906 · 921d906
1 parent 85c88cb
commit 921d906
Show file tree

Hide file tree

Showing 39 changed files with 2,391 additions and 462 deletions.
diff --git a/agent/Makefile b/agent/Makefile
@@ -24,7 +24,7 @@ CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 
 .PHONY: controller-gen		##downloads controller-gen locally if necessary.
 controller-gen:
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1
+	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
 
 .PHONY: generate			##generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 generate: controller-gen

diff --git a/go.mod b/go.mod
@@ -31,8 +31,8 @@ require (
 	github.com/operator-framework/operator-lifecycle-manager v0.22.0
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.63.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stolostron/cluster-lifecycle-api v0.0.0-20230222063645-5b18b26381ff
-	github.com/stolostron/klusterlet-addon-controller v0.0.0-20230528112800-a466a2368df4
+	github.com/stolostron/cluster-lifecycle-api v0.0.0-20230810064008-81160dedc4f8
+	github.com/stolostron/klusterlet-addon-controller v0.0.0-20240626080538-fb87041882e2
 	github.com/stolostron/multiclusterhub-operator v0.0.0-20230829141355-4ad378ab367f
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/zap v1.26.0
@@ -47,9 +47,9 @@ require (
 	k8s.io/client-go v0.30.1
 	k8s.io/klog v1.0.0
 	k8s.io/kube-aggregator v0.30.1
-	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
-	open-cluster-management.io/addon-framework v0.9.0
-	open-cluster-management.io/api v0.13.0
+	k8s.io/utils v0.0.0-20240310230437-4693a0247e57
+	open-cluster-management.io/addon-framework v0.10.0
+	open-cluster-management.io/api v0.14.0
 	open-cluster-management.io/governance-policy-propagator v0.11.1-0.20230815182526-b4ee1b24b1d0
 	open-cluster-management.io/multicloud-operators-channel v0.11.0
 	open-cluster-management.io/multicloud-operators-subscription v0.11.0
@@ -211,7 +211,7 @@ require (
 	k8s.io/component-base v0.30.1 // indirect
 	k8s.io/klog/v2 v2.120.1
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	open-cluster-management.io/sdk-go v0.13.0 // indirect
+	open-cluster-management.io/sdk-go v0.13.1-0.20240416062924-20307e6fe090 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect

diff --git a/go.sum b/go.sum
@@ -627,8 +627,8 @@ github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/z
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v0.0.0-20190222133341-cfaf5686ec79/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -1176,10 +1176,10 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
-github.com/stolostron/cluster-lifecycle-api v0.0.0-20230222063645-5b18b26381ff h1:psHMqHMefkFtr7y4JT5tz8oKwmChvLJe/cHUUM9tcMI=
-github.com/stolostron/cluster-lifecycle-api v0.0.0-20230222063645-5b18b26381ff/go.mod h1:pNeVzujoHsTHDloNHVfp1QPYlQy8MkXMuuZme96/x8M=
-github.com/stolostron/klusterlet-addon-controller v0.0.0-20230528112800-a466a2368df4 h1:uK6AKdfrhCKkrEllKDF8W1QtDoWN7HI8qoxVnn6kpIM=
-github.com/stolostron/klusterlet-addon-controller v0.0.0-20230528112800-a466a2368df4/go.mod h1:WyEG4DcVm+zrFgoOFejnMB1Ua8qsX3YwKF2/i8U+HIw=
+github.com/stolostron/cluster-lifecycle-api v0.0.0-20230810064008-81160dedc4f8 h1:HfoSdzarXIABlLNihSRY1Gl+G+L/0Qv9NiqHa3yOWOs=
+github.com/stolostron/cluster-lifecycle-api v0.0.0-20230810064008-81160dedc4f8/go.mod h1:ZNQ3Rttgk4HEreCHfocrhXavLDaUgHbZaUqk5dP8/As=
+github.com/stolostron/klusterlet-addon-controller v0.0.0-20240626080538-fb87041882e2 h1:wcFk/+Oyyg8fcGnFspPDm72e8f/b6GguwpVxVdbtZv4=
+github.com/stolostron/klusterlet-addon-controller v0.0.0-20240626080538-fb87041882e2/go.mod h1:ptR774KOKeg3AW4G4jkf0d+Hn5iTyLMLWc6n5UcP+zw=
 github.com/stolostron/multiclusterhub-operator v0.0.0-20230829141355-4ad378ab367f h1:vKFrnwEqWoR1jJeioWzQhqSzCqBSN31M4w4HOxBfIxc=
 github.com/stolostron/multiclusterhub-operator v0.0.0-20230829141355-4ad378ab367f/go.mod h1:qYKONCSLWFOny+poZRx/6EDKZXZlIBDdeDukYr4+B6c=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1965,25 +1965,25 @@ k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl
 k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY=
+k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
 modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
 modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
 modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
-open-cluster-management.io/addon-framework v0.9.0 h1:7QKLgfRns2BRLFigjIaWVTPCwG9feM+CNtZ22Yf2I20=
-open-cluster-management.io/addon-framework v0.9.0/go.mod h1:OEIFCEXhZKO/Grv08CB0T+TGzS0bLshw4G9u7Vw8dw0=
-open-cluster-management.io/api v0.13.0 h1:dlcJEZlNlE0DmSDctK2s7iWKg9l+Tgb0V78Z040nMuk=
-open-cluster-management.io/api v0.13.0/go.mod h1:CuCPEzXDvOyxBB0H1d1eSeajbHqaeGEKq9c63vQc63w=
+open-cluster-management.io/addon-framework v0.10.0 h1:bwI1XujcbkDoqlCFG1mKuwXNzoED4im/9/9BVu4xpRo=
+open-cluster-management.io/addon-framework v0.10.0/go.mod h1:HayKCznnlyW+0dUJQGj5sNR6i3tvylSySD3YnvZkBtY=
+open-cluster-management.io/api v0.14.0 h1:yjhnNeO/QudiIoEi0i/yUYmP3iElAfUgtj4pHMV+4uM=
+open-cluster-management.io/api v0.14.0/go.mod h1:ltijKJhDifrPH0csvCUmFt5lzaERv+BBfh6X3l83rT0=
 open-cluster-management.io/governance-policy-propagator v0.11.1-0.20230815182526-b4ee1b24b1d0 h1:r20lNdYf/dZll6d9MRlWv9CAMcW+YO5PGG25odV+FgY=
 open-cluster-management.io/governance-policy-propagator v0.11.1-0.20230815182526-b4ee1b24b1d0/go.mod h1:ZRc+w6JPLUXUGcfR6cYBL+2yufaNWsn7Vi/JugStDuw=
 open-cluster-management.io/multicloud-operators-channel v0.11.0 h1:Uprx8ShWY2P/ng4UduYg6kgZZyF+732uJ4z0ZZWLi04=
 open-cluster-management.io/multicloud-operators-channel v0.11.0/go.mod h1:XpOQgTYxprwTGQBKXwI+6TaJKdOjltO5+jHkTU+LfVA=
 open-cluster-management.io/multicloud-operators-subscription v0.11.0 h1:OLpohu92lMEmWk4LriTyxD1SIJrzHOvuhS3UsnEOElk=
 open-cluster-management.io/multicloud-operators-subscription v0.11.0/go.mod h1:0YDADTwQiNoLc7ihyHhTaCNAxx9VSVvrTUQf3W+AyGk=
-open-cluster-management.io/sdk-go v0.13.0 h1:ddMGsPUekQr9z03tVN6vF39Uf+WEKMtGU/xSd81HdoA=
-open-cluster-management.io/sdk-go v0.13.0/go.mod h1:UnsjzYOrDTF9a8rHEXksoIAtAdO1o5CD5Jtaw6T5B9w=
+open-cluster-management.io/sdk-go v0.13.1-0.20240416062924-20307e6fe090 h1:zFmHuW+ztdfUUNslqNW+H1WEcfdEUQHoRDbmdajX340=
+open-cluster-management.io/sdk-go v0.13.1-0.20240416062924-20307e6fe090/go.mod h1:w2OaxtCyegxeyFLU42UQ3oxUz01QdsBQkcHI17T/l48=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/letsencrypt v0.0.3 h1:H7xDfhkaFFSYEJlKeq38RwX2jYcnTeHuDQyT+mMNMwM=
 rsc.io/letsencrypt v0.0.3/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY=

diff --git a/manager/Makefile b/manager/Makefile
@@ -24,7 +24,7 @@ CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 
 .PHONY: controller-gen		##downloads controller-gen locally if necessary.
 controller-gen:
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1
+	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
 
 .PHONY: generate			##generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 generate: controller-gen

diff --git a/manager/cmd/manager/main.go b/manager/cmd/manager/main.go
@@ -26,6 +26,7 @@ import (
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
+	"github.com/stolostron/multicluster-global-hub/manager/pkg/addons"
 	"github.com/stolostron/multicluster-global-hub/manager/pkg/backup"
 	managerconfig "github.com/stolostron/multicluster-global-hub/manager/pkg/config"
 	"github.com/stolostron/multicluster-global-hub/manager/pkg/cronjob"
@@ -154,6 +155,8 @@ func parseFlags() *managerconfig.ManagerConfig {
 		"enable the global resource feature")
 	pflag.BoolVar(&managerConfig.WithACM, "with-acm", false,
 		"run on Red Hat Advanced Cluster Management")
+	pflag.BoolVar(&managerConfig.ImportClusterInHosted, "import-in-hosted", false,
+		"Import the managedhub cluster in hosted mode")
 	pflag.BoolVar(&managerConfig.EnablePprof, "enable-pprof", false, "enable the pprof tool")
 	pflag.Parse()
 	// set zap logger
@@ -207,7 +210,7 @@ func createManager(ctx context.Context,
 		NewCache:                initCache,
 	}
 
-	if managerConfig.EnableGlobalResource {
+	if managerConfig.EnableGlobalResource || managerConfig.ImportClusterInHosted {
 		options.WebhookServer = &webhook.DefaultServer{
 			Options: webhook.Options{
 				Port:    webhookPort,
@@ -275,6 +278,15 @@ func createManager(ctx context.Context,
 		return nil, fmt.Errorf("failed to add hubmanagement to manager - %w", err)
 	}
 
+	// Change addons namespaces for hosted mode
+	if managerConfig.ImportClusterInHosted {
+		addons := addons.NewAddonsReconciler(mgr)
+		err = addons.SetupWithManager(mgr)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	// need lock DB for backup
 	backupPVC := backup.NewBackupPVCReconciler(mgr, sqlConn)
 	err = backupPVC.SetupWithManager(mgr)
@@ -335,7 +347,7 @@ func doMain(ctx context.Context, restConfig *rest.Config) int {
 		return 1
 	}
 
-	if managerConfig.EnableGlobalResource {
+	if managerConfig.EnableGlobalResource || managerConfig.ImportClusterInHosted {
 		hookServer := mgr.GetWebhookServer()
 		setupLog.Info("registering webhooks to the webhook server")
 		hookServer.Register("/mutating", &webhook.Admission{

diff --git a/manager/pkg/addons/addons_controller.go b/manager/pkg/addons/addons_controller.go
@@ -0,0 +1,138 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package addons
+
+import (
+	"context"
+	"reflect"
+	"time"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/klog"
+	"open-cluster-management.io/api/addon/v1alpha1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+	"github.com/stolostron/multicluster-global-hub/pkg/constants"
+)
+
+var addonList = sets.NewString(
+	"work-manager",
+	"cluster-proxy",
+	"managed-serviceaccount",
+)
+
+// BackupReconciler reconciles a MulticlusterGlobalHub object
+type AddonsReconciler struct {
+	manager.Manager
+	client.Client
+}
+
+func NewAddonsReconciler(mgr manager.Manager) *AddonsReconciler {
+	return &AddonsReconciler{
+		Manager: mgr,
+		Client:  mgr.GetClient(),
+	}
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *AddonsReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).Named("AddonsController").
+		For(&v1alpha1.ClusterManagementAddOn{},
+			builder.WithPredicates(addonPred)).
+		Complete(r)
+}
+
+var addonPred = predicate.Funcs{
+	CreateFunc: func(e event.CreateEvent) bool {
+		return addonList.Has(e.Object.GetName())
+	},
+	UpdateFunc: func(e event.UpdateEvent) bool {
+		return addonList.Has(e.ObjectNew.GetName())
+	},
+	DeleteFunc: func(e event.DeleteEvent) bool {
+		return false
+	},
+}
+
+func (r *AddonsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	klog.V(2).Infof("Reconcile ClusterManagementAddOn: %v", req.NamespacedName)
+
+	cma := &v1alpha1.ClusterManagementAddOn{}
+	err := r.Client.Get(ctx, req.NamespacedName, cma)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+	needUpdate := addAddonConfig(cma)
+
+	if !needUpdate {
+		return ctrl.Result{}, nil
+	}
+	err = r.Client.Update(ctx, cma)
+
+	if err != nil {
+		klog.Errorf("Failed to update cma, err:%v", err)
+		return ctrl.Result{}, err
+	}
+	time.Sleep(1 * time.Second)
+	cma1 := &v1alpha1.ClusterManagementAddOn{}
+
+	err = r.Client.Get(ctx, req.NamespacedName, cma1)
+	return ctrl.Result{}, nil
+}
+
+// addAddonConfig return true if the cma updated
+func addAddonConfig(cma *v1alpha1.ClusterManagementAddOn) bool {
+	newNamespaceConfig := v1alpha1.PlacementStrategy{
+		PlacementRef: v1alpha1.PlacementRef{
+			Namespace: "open-cluster-management-global-set",
+			Name:      "global",
+		},
+		Configs: []v1alpha1.AddOnConfig{
+			{
+				ConfigReferent: v1alpha1.ConfigReferent{
+					Name:      "global-hub",
+					Namespace: constants.GHDefaultNamespace,
+				},
+				ConfigGroupResource: v1alpha1.ConfigGroupResource{
+					Group:    "addon.open-cluster-management.io",
+					Resource: "addondeploymentconfigs",
+				},
+			},
+		},
+	}
+	if len(cma.Spec.InstallStrategy.Placements) == 0 {
+		cma.Spec.InstallStrategy.Placements = append(cma.Spec.InstallStrategy.Placements, newNamespaceConfig)
+		return true
+	}
+	for _, pl := range cma.Spec.InstallStrategy.Placements {
+		if !reflect.DeepEqual(pl.PlacementRef, newNamespaceConfig.PlacementRef) {
+			continue
+		}
+		if reflect.DeepEqual(pl.Configs, newNamespaceConfig.Configs) {
+			return false
+		}
+		pl.Configs = append(pl.Configs, newNamespaceConfig.Configs...)
+		return true
+	}
+	cma.Spec.InstallStrategy.Placements = append(cma.Spec.InstallStrategy.Placements, newNamespaceConfig)
+	return true
+}